1. Field of the Invention
The invention relates to communication networks. Particularly, the invention relates to a method for controlling access to a network in a communication system.
2. Description of the Related Art
A recent trend is that domestic appliances and consumer electronics devices are equipped with increasing sophisticated remote control capabilities. Domestic appliances may be equipped with network interfaces in order to provide for remote control via a local network. For example, a personal computer connected to the local network may provide a single point of control for a wide range of domestic appliances. It may be possible to control stereos, set-top boxes and digital recorders. However, it may also be possible to control washing machines, refrigerators, warming and security systems via the personal computer. It may be conceived that schedules for activating warming and deactivating security alarms are configured via the personal computer. It would be beneficial to be able to control domestic appliances via a mobile computer or terminal, in other words, a mobile node connected to an external network such as the Internet or a wide-range Intranet. However, the address of a mobile node may vary depending on the current sub-network used to connect to the external network.
Network firewalls are used to control access to private corporate, organizational or home networks. The firewalls enable filter rules to be defined that govern access to the private network depending on the source addresses, destination addresses, source ports, destination ports and protocols. Incoming packets and connections may be allowed or dropped based on the filter rules. However, the problem with existing firewalls is that the firewall may not be configured with all the addresses that a mobile node may use to access the network protected by the firewall. This is due to the fact that it may be impossible to predict all possible sub-networks that are used to provide a point of attachment to the mobile node. It should also be noted that the allowing of a wide ranges of addresses may expose the private network to attacks from a hostile node that happens to use these addresses.